Right now the way Nginx's configuration gets built is:

1. The templates containing the Nginx configuration get copied to the Dockerfile.
2. Once Nginx boots, it waits until the Flaks application is contacted which collects the "headers for the authentication" and "headers to forward" from plug ins that we have set up and the "/saml" blueprint's prefix which gets set in the "api_gateway" configuration file as a location.

Any headers that are collected from the Flask application get printed in the templates, without any distinction per back end or authorization plug in —which makes sense, because Nginx will simply ignore them and not send them when they do not have any content—, but that begs the question: isn't it better just to hard-code those headers, which just will make it easier to reason about the configuration?

It is true that any change will have to be made in both places, but until now no headers have been changed or added, and the number of custom headers to add in the Nginx config is so low that it doesn't seem like the automation is justified.